Resolving SSH Key Authentication Failures

By Admin · Feb 25, 2026 · Updated Apr 23, 2026 · 155 views · 1 min read

Common Error Messages

Permission denied (publickey)
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Diagnostic Steps

1. Verbose SSH Output

ssh -vvv user@server

Look for lines about which keys are being tried and where authentication fails.

2. Check Key Permissions (Client Side)

ls -la ~/.ssh/
# Required permissions:
# ~/.ssh/           = 700 (drwx------)
# ~/.ssh/id_ed25519 = 600 (-rw-------)
# ~/.ssh/config     = 644 (-rw-r--r--)

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/config

3. Check Authorized Keys (Server Side)

ls -la ~/.ssh/authorized_keys
# Must be: 600 (-rw-------)
# Owned by the target user

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

4. Check SSH Server Config

grep -E "PubkeyAuthentication|AuthorizedKeysFile" /etc/ssh/sshd_config
# Should show:
# PubkeyAuthentication yes
# AuthorizedKeysFile .ssh/authorized_keys

5. Check Server Logs

sudo tail -20 /var/log/auth.log
# or
sudo journalctl -u sshd -n 20

Common Causes

Cause	Fix
Wrong key permissions	`chmod 600` on private key and authorized_keys
Home directory permissions too open	`chmod 755 ~` (no world-writable)
Wrong user in authorized_keys	Ensure key is in the correct user's file
SELinux context wrong	`restorecon -Rv ~/.ssh`
Key type not accepted	Check `PubkeyAcceptedAlgorithms` in sshd_config

Resolving SSH Key Authentication Failures

Common Error Messages

Diagnostic Steps

1. Verbose SSH Output

2. Check Key Permissions (Client Side)

3. Check Authorized Keys (Server Side)

4. Check SSH Server Config

5. Check Server Logs

Common Causes

Related Articles